- RootedObjects Private Limited having its registered office at 314 Raheja Arcade, Koramangala, Bangalore – 560095, Karnataka, India, (also referred to as "Company", “our”, “us” or "we") operates an online e-commerce portal through the website rootedcompany.co (hereinafter referred to as the “Portal”).
Information that we collect
- Information that is collected as you use the Portal and its Services includes the following:
- Your Personal Information: When you sign up and register with us through the Portal, we ask you for your Personal Information. “Personal Information” means information that would allow someone to identify or contact you, such as your name; registered User Account information like username and password; email address; contact number and complete address. However, Personal Information does not include aggregated information that, by itself, does not permit the identification of individual persons and does not include Activity Information (defined in paragraph 3).
How we use the information
- We will use the information that we collect for the following amongst other purposes related to the Services:
- We will use your name in order to customise all our communications sent to You.
- Your E-mail address will be used to communicate the following:
- All Service related messages including but not limited to confirmation of: (a) your order(s); (b) cancellation and refund requests; or (c) return or exchange requests;
- Promotional messages regarding the Services and/or Products offered by RootedObjected Private Limited from time to time; and
- Any other communication that we wish to send to You in relation to the Portal.
- Your Phone number will be an alternative method to contact You either via SMS and/or Whatsapp, for communicating any Service related messages. We will share your phone number with the third party carrier in order to facilitate a seamless delivery experience.
- Your address will be shared with the third party carrier or the Vendor, to facilitate delivery of the Product(s) purchased on the Portal to you.
- In order to improve the quality of Our Portal and/or the Services we may ask You to provide us with information regarding Your experiences on Our Portal. Users have the option of choosing not to provide Us with this information.
- To track your usage of the Services;
- To improve the quality, features and functionality of the Services;
- To improve the security of the Services;’
- To back up our systems and allow for disaster recovery; and
Legal bases for processing information under the GDPR for users in the European Union (EU)
- The Company processes information of Users in the EU in accordance with Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”).The GDPR governs how the Company may process your information, and the rights that EU Users have in relation to your information. This means that the Company will collect and use your information only where:
- The collection and use of your information is justified because of a legitimate interest such as for improving the Portal and marketing the Services (but only where our legitimate interest isn’t overridden by your interest in protecting your information);
- We have obtained your consent for using your information in a certain way;
- The collection and use of your information is necessary for compliance with our legal obligations;
- You may withdraw your consent for using your information at any time. Depending on the situation you can either withdraw your consent by writing to firstname.lastname@example.org. Where we are using your information because of a legitimate interest to do so, you have the right to object to that use. However, if you do so, you may not be able to continue using the functionalities of the Portal and/or the Services.
Disclosure of the information
- The Company does not sell, trade, or rent or disclose Your Personal Information or Your Sensitive Personal Information to any third party. However, the Company cannot fully ensure that such information will not be disclosed to third parties. For example, we may be legally obligated to disclose information to the government or third parties under certain circumstances, third parties may circumvent the Company’s security measures to unlawfully intercept or access transmissions or private communications, or an error may occur in the administration of the Portal. In the unlikely event that the Company needs to investigate or resolve possible problems or inquiries, we may, and you authorize the Company to, disclose any information about you to government officials as permitted by applicable law.
- We reserve the right to disclose any Personal Information and/or Sensitive Personal Information as required by applicable law and when we believe, at our sole discretion that disclosure is necessary to protect our rights, protect someone from injury and/or to comply with a judicial proceeding, court order, or legal process served on our Portal
- The Company shall disclose Personal Information such as name, e-mail address as well as order details with third party platforms solely for the purposes of sending personalized communications to you like newsletters and order details relating to your use of the Portal. In the event that do not wish to receive any further personalized communications from such party, you may click on the ‘UNSUBCRIBE’ button provided for at the end of any such communications. Please note that you will not be able to unsubscribe from any information relating to order details that is sent to you from any such third party
- If the Company becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, personal information will be transferred to the new entity for the continued performance of Services.
Cross-border transfers of information (for users in the EU)
- In the event we transfer information of Users in the EU to a third party service provider located outside the EU and/or is not subject to an adequacy decision by the EU Commission, we will ensure that:
- we obtain your prior consent for such transfer; and
- such third party service providers have appropriate safeguards for your information by way of entering into a binding agreement that provides for the same.
- If you are a User from non-EU countries, on receiving a request to deactivate your Use Account, the Company will deactivate your User Account and archive your Personal Information. Archived information will be retained by the Company for a period of 26 months in it’s secure database for the purpose of our records. Non-personally identifiable information of Users from non-EU countries is retained 26 months for analytics. However, Your Sensitive Personal Information, collected by us, if any, will be destroyed on deactivation of your account.
- If you are a User in the EU, on receiving a request to deactivate your User Account, the Company will deactivate your User Account and all Personal Information and Sensitive Personal Information, collected by us, if any, will be destroyed. Non-personally identifiable information of Users in the EU may be retained indefinitely for analytics subject to the same being kept separate from other information including but not limited to unique identifiers, that, in combination with such non-personally identifiable information of the Users, may render the same personally identifiable.
Rights in respect of your information
- The laws of some countries grant particular rights in respect of personal information. If you are a User in such jurisdictions, you may have the right to:
- Request a copy of your personal information;
- Request that we correct inaccuracies relating to your personal information;
- Request that your personal information is deleted or that we restrict access to it;
- Request a structured electronic version of your personal information; and
- Object to our use of your personal information;
- Should you wish to make a request in respect of your personal information please contact us at email@example.com.
- In some circumstances, the Company may not be able to comply with a request that you make in respect of your personal information. For example, we may not be able to provide a copy of your personal information where it infringes on the rights of another User. We may also be required to retain certain personal information that you ask us to delete for various reasons, such as where there is a legal requirement to do so.
- If we are unable to resolve your request, or if you are concerned about a potential violation, you may be entitled to report the issue or make a complaint to the data protection authority in your jurisdiction.
Third party links
- The Portal may contain links to other websites ("Linked Sites"). The Linked Sites are not under the control of the Portal. We are not responsible for the content of any Linked Site, including, without limitation to, any link contained in a Linked Site, or any changes or updates to a Linked Site.
- the Company does not intend the Linked Sites to be referrals to, endorsements of, or affiliations with the linked entities
- We have implemented industry standard security policies, rules and technical measures, as required under Section 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011 in order to protect any kind of personal sensitive information that we have under our control from unauthorized access. You should know, however, that the Company cannot fully eliminate such risks.
Governing law and jurisdiction